Page History
...
Yellowfin's Administration Service allows for integrating Yellowfin with essentially all third-party authentication processes. Primarily an authentication bridge will be used when implementing Yellowfin as a standalone application or when implementing Yellowfin as a tightly integrated application where this is required.
To integrate with a third-party authentication process, a custom bridge needs to be created. This bridge will take a username and password from one system and match the details to a user in the Yellowfin system. Usually the third-party authentication source will provide a username, sometimes with a password and other additional user attributes.
The purpose of the Bridge is to match this username with an existing user in Yellowfin and perform a Single-Sign-On (SSO) into Yellowfin as that user. Very rarely there will be a password available from the third-party source. The LOGINUSERNOPASSWORD web service will allow for the Bridge to login a user using only their Username, alternatively, LOGINUSER can be used to log the user with a password.
The bridge is not necessarily used to determine whether the user is allowed to login. The fact that the Bridge receives the username is that the user has already been validated. However, sometimes the Bridge will be responsible for “asking” the third party if the user is valid.
Sometimes there will be a need to auto-create the users if they do not yet exist in Yellowfin. This might require using additional information to create the user like email address, first and last name, etc. which should be sourced from the third-party authentication source. The Bridge can use the GETUSER or VALIDATEUSER web service function to determine if a user exists in Yellowfin or not and the ADDUSER web service call to create a user. If bulk user creation option is required, ADDUSERS web service function can be called.
Part of the Bridge process may also be to modify the user's Yellowfin role or group membership as part of the login process. If Yellowfin is integrated with a product where access to different content may change, it may be required to update this group membership during the login process. This would require sourcing information from the third-party source about what groups a user should be added to/removed from. The UPDATEUSER web service call will allow a user’s role to be modified and the INCLUDEUSERINGROUP / EXCLUDEUSERFROMGROUP web service calls can be used to add/remove from groups that determine what Yellowfin content they can access.
The Bridge can be implemented in many ways. It could be integrated
- as part of Yellowfin itself (as a JSP, Servlet or Filter within the Yellowfin web application);
- a standalone application (GUI, console or web application) that communicates with the third-party source and Yellowfin;
- Or part of the third-party application itself.
The best place to implement the bridge will depend on the environment and components involved.
When implementing within the Yellowfin container, the various implementation methods will allow for different functionality. JSPs and Servlets allow for implementing code when the user is directed to a particular URL whereas Filters allow for checking authentication on any URL requested from the Yellowfin system.
Here is an image that describes the basic process of what a Yellowfin Authentication Bridge needs to do:
Services are used to perform administrative functions, such as perform single sign-ons, manage users and client organizations, and more. Below is a list of all these functions.
Categories of Administration Services
The administration web services are categorized into the following sections.
| Category | Description |
|---|---|
| Single sign-on | This category is related to user authentication services, that allows them to access multiple organizations. |
| User management | The services displayed in this section involve user management and replication. |
| Group & role administration | These web services are related to managing user roles and groups. |
| Client organization management | These web services are used to manage Yellowfin's Client Org. functionality. |
| User object retrieval & manipulation | The function calls in this category can be used to retrieve or manipulate user objects, mainly report and dashboard details. |
| Content folder/category management | Use these calls to manage folders/categories and sub-folders/subcategories, including user access. |
| Export & import content | This group of functions are related to exporting or importing Yellowfin content. |
| Schedule management | These web services can be used to manage Yellowfin's schedule management functionality. |
| Cache management | This special set of web services are used to manage caches in a cluster environment. |
| Data source management | The web services highlighted in this section will allow you to manage your data sources. |
| Configuration & settings | These web services can be used to manage Yellowfin's configuration settings. |
| View management | A set of web services to update a Yellowfin view. |
| Some additional web services, including some you can use for testing the server or for performing SQL queries. |
A separate section is also included that provides details on the object definitions of administration services.